Fix potential signed-overflow bug in _PyLong_Format; also fix

a couple of whitespace issues.

Fix potential signed-overflow bug in _PyLong_Format; also fix
a couple of whitespace issues.
1f4fc097 · Mark Dickinson · 3d85454b · 1f4fc097
Commit 1f4fc097 authored Sep 13, 2009 by Mark Dickinson
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 9 deletions

Objects/longobject.c Objects/longobject.c +11 -9

No files found.
--- a/Objects/longobject.c
+++ b/Objects/longobject.c
@@ -1371,7 +1371,7 @@ _PyLong_Format(PyObject *aa, int base, int addL, int newstyle)
 {
 	register PyLongObject *a = (PyLongObject *)aa;
 	PyStringObject *str;
-	Py_ssize_t i, j, sz;
+	Py_ssize_t i, sz;
 	Py_ssize_t size_a;
 	char *p;
 	int bits;
@@ -1392,13 +1392,14 @@ _PyLong_Format(PyObject *aa, int base, int addL, int newstyle)
 		i >>= 1;
 	}
 	i = 5 + (addL ? 1 : 0);
-	j = size_a*PyLong_SHIFT + bits-1;
+	/* ensure we don't get signed overflow in sz calculation */
-	sz = i + j / bits;
+	if (size_a > (PY_SSIZE_T_MAX - i) / PyLong_SHIFT) {
-	if (j / PyLong_SHIFT < size_a || sz < i) {
 		PyErr_SetString(PyExc_OverflowError,
 				"long is too large to format");
 		return NULL;
 	}
+	sz = i + 1 + (size_a * PyLong_SHIFT - 1) / bits;
+	assert(sz >= 0);
 	str = (PyStringObject *) PyString_FromStringAndSize((char *)0, sz);
 	if (str == NULL)
 		return NULL;
@@ -1448,7 +1449,8 @@ _PyLong_Format(PyObject *aa, int base, int addL, int newstyle)
 		int power = 1;
 		for (;;) {
 			twodigits newpow = powbase * (twodigits)base;
-			if (newpow >> PyLong_SHIFT)  /* doesn't fit in a digit */
+			if (newpow >> PyLong_SHIFT)
+				/* doesn't fit in a digit */
 				break;
 			powbase = (digit)newpow;
 			++power;